albert/nix
albert/nix
1
0
Fork 0
Code Issues Pull requests Activity Actions

test

Browse source
This commit is contained in:
iFargle 2024-01-12 10:47:45 +09:00
parent 9191a3bc58
commit 4974f3ea8e
1 changed files with 12 additions and 12 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

24
nixos/hosts/osaka-linode-01/firewall.nix
View file

@ -26,6 +26,12 @@
ruleset = '' ruleset = ''
table ip nat { table ip nat {
chain PREROUTING { chain PREROUTING {
iifname "enp0s4" tcp dport 25 dnat to 10.100.0.2:25; # Mailserver
iifname "enp0s4" tcp dport 143 dnat to 10.100.0.2:143; # Mailserver
iifname "enp0s4" tcp dport 465 dnat to 10.100.0.2:465; # Mailserver
iifname "enp0s4" tcp dport 587 dnat to 10.100.0.2:587; # Mailserver
iifname "enp0s4" tcp dport 993 dnat to 10.100.0.2:993; # Mailserver
iifname "enp0s4" tcp dport 4190 dnat to 10.100.0.2:4190; # Mailserver
type nat hook prerouting priority dstnat; policy accept; type nat hook prerouting priority dstnat; policy accept;
iifname "enp0s4" tcp dport 80 dnat to 10.100.0.2:80; # HTTP iifname "enp0s4" tcp dport 80 dnat to 10.100.0.2:80; # HTTP
iifname "enp0s4" tcp dport 443 dnat to 10.100.0.2:443; # HTTPS iifname "enp0s4" tcp dport 443 dnat to 10.100.0.2:443; # HTTPS
@ -34,12 +40,6 @@
iifname "enp0s4" tcp dport 1443 dnat to 10.100.0.2:1443; # Headscale DERP (tcp) iifname "enp0s4" tcp dport 1443 dnat to 10.100.0.2:1443; # Headscale DERP (tcp)
iifname "enp0s4" udp dport 3478 dnat to 10.100.0.2:3478; # Headscale DERP (udp) iifname "enp0s4" udp dport 3478 dnat to 10.100.0.2:3478; # Headscale DERP (udp)
iifname "enp0s4" udp dport 10000 dnat to 10.100.0.2:10000; # Headscale DERP (udp) iifname "enp0s4" udp dport 10000 dnat to 10.100.0.2:10000; # Headscale DERP (udp)
iifname "enp0s4" tcp dport 25 dnat to 10.100.0.2:25; # Mailserver
iifname "enp0s4" tcp dport 143 dnat to 10.100.0.2:143; # Mailserver
iifname "enp0s4" tcp dport 465 dnat to 10.100.0.2:465; # Mailserver
iifname "enp0s4" tcp dport 587 dnat to 10.100.0.2:587; # Mailserver
iifname "enp0s4" tcp dport 993 dnat to 10.100.0.2:993; # Mailserver
iifname "enp0s4" tcp dport 4190 dnat to 10.100.0.2:4190; # Mailserver
} }
} }
''; '';
@ -50,6 +50,12 @@
internalInterfaces = [ "enp0s4" ]; internalInterfaces = [ "enp0s4" ];
externalInterface = "wireguard0"; externalInterface = "wireguard0";
forwardPorts = [ forwardPorts = [
{ sourcePort = 25; proto = "tcp"; destination = "10.100.0.2:25"; } # Mailserver
{ sourcePort = 143; proto = "tcp"; destination = "10.100.0.2:143"; } # Mailserver
{ sourcePort = 465; proto = "tcp"; destination = "10.100.0.2:465"; } # Mailserver
{ sourcePort = 587; proto = "tcp"; destination = "10.100.0.2:587"; } # Mailserver
{ sourcePort = 993; proto = "tcp"; destination = "10.100.0.2:993"; } # Mailserver
{ sourcePort = 4190; proto = "tcp"; destination = "10.100.0.2:4190"; } # Mailserver
{ sourcePort = 80; proto = "tcp"; destination = "10.100.0.2:80"; } # HTTP { sourcePort = 80; proto = "tcp"; destination = "10.100.0.2:80"; } # HTTP
{ sourcePort = 443; proto = "tcp"; destination = "10.100.0.2:443"; } # HTTPS { sourcePort = 443; proto = "tcp"; destination = "10.100.0.2:443"; } # HTTPS
{ sourcePort = 42420; proto = "tcp"; destination = "10.100.0.2:42420"; } # Vintage Story { sourcePort = 42420; proto = "tcp"; destination = "10.100.0.2:42420"; } # Vintage Story
@ -57,12 +63,6 @@
{ sourcePort = 1443; proto = "tcp"; destination = "10.100.0.2:1443"; } # Headscale DERP (tcp) { sourcePort = 1443; proto = "tcp"; destination = "10.100.0.2:1443"; } # Headscale DERP (tcp)
{ sourcePort = 3478; proto = "udp"; destination = "10.100.0.2:3478"; } # Headscale DERP (udp) { sourcePort = 3478; proto = "udp"; destination = "10.100.0.2:3478"; } # Headscale DERP (udp)
{ sourcePort = 10000; proto = "udp"; destination = "10.100.0.2:10000"; } # Headscale DERP (udp) { sourcePort = 10000; proto = "udp"; destination = "10.100.0.2:10000"; } # Headscale DERP (udp)
{ sourcePort = 25; proto = "tcp"; destination = "10.100.0.2:25"; } # Mailserver
{ sourcePort = 143; proto = "tcp"; destination = "10.100.0.2:143"; } # Mailserver
{ sourcePort = 465; proto = "tcp"; destination = "10.100.0.2:465"; } # Mailserver
{ sourcePort = 587; proto = "tcp"; destination = "10.100.0.2:587"; } # Mailserver
{ sourcePort = 993; proto = "tcp"; destination = "10.100.0.2:993"; } # Mailserver
{ sourcePort = 4190; proto = "tcp"; destination = "10.100.0.2:4190"; } # Mailserver
]; ];
}; };
}; };